Cyber security experts warn of EternalRocks, meaner than WannaCry

23 May 2017


After WannaCry, an even greater threat, EternalRocks, is lurking on the internet, according to researchers. The new malware strain is said to target the same vulnerability that wreaked havoc worldwide through the WannaCry ransomware.

EternalRocks exploits the same Windows vulnerability that helped WannaCry spread between computers, and it poses a far greater threat than WannaCry, making it potentially tougher to fight, according to experts.

Like the original ransomware, WannaCry, EternalRocks also deploys an NSA tool known as EternalBlue to infect one computer after another through Windows. But, according to Fortune, it has six other NSA tools, with names like EternalChampion, EternalRomance, and DoublePulsar (also part of WannaCry).

In its current form, EternalRocks does not come with any malicious elements: it does not lock or corrupt files, or use compromised machines to build a botnet. But that does not make it any less dangerous, as EternalBlue leaves infected computers vulnerable to remote commands that could 'weaponise' the infection at any time.

WannaCry, which hit 150 countries, including India, affected more than 240,000 machines, primarily those running unpatched versions of Windows 7. The malware encrypts files on infected machines and demands payment for unlocking them.

According to Miroslav Stampar, the Croatian security expert for the country's Computer Emergency Response Team (CERT), the malware thrived on the DoublePulsar, Architouch and SMBtouch tools, which were apparently used by the US security agency NSA for its own snooping purposes, as exposed by the hacking group ShadowBrokers.

According to Stampar's study posted online, the malware was downloaded in two separate stages, and the second part was activated after 24 hours, a delay that allowed it to avoid detection by the user or anyone else. The malware apparently is aimed at targeting a device anonymously, but can be activated whenever required.

"After about six to eight hours of analysis, I found how to provoke the second stage," RT.com quoted Stampar as saying. "I got kind of excited and scared as somebody had successfully, and professionally, packed all SMB exploits from ShadowBroker's dump. I predicted that something bigger than WannaCry is coming."
